One of the recent updates (might be still rolling out) to guest access is to allow adding guests without the need to create a Microsoft Account during the process. Guests can use their Gmail email. For more information about guest access in general, check Docs.Microsoft.Com article and this roadmap item.
Note this one-time passcode isn’t 1:1 the roadmap item shown above. I have added a section to the end of this blog post to tell about Google authentication in federated way.
I tested this with a GMail account I just created for this purpose. This relies on sending a verification code each time to that address when you try to sign in, instead of creating a Microsoft Account. You start by adding the guest as usual.
They receive an email that they have been added to a team:
Once they try to log in to Teams, they will get information about the verification code.
After entering the code, you grant access
And you are in, no need to enter or create new passwords or accounts:
Logging back to Teams later
When you log back to Teams later with this account you will need to have your email open, since you don’t have a password for Teams. Start logging in by entering your email into login dialog.
Click on the blue text ”sign in with a one-time code sent to your email”
You will receive the verification code
And you are right back in!
Federated Google authentication and Teams
I got some feedback about this (thank you all! ❤) and a point to go into this Docs article that describes how to setup a federation to support Google authentication to Teams directly – without any passcodes, but using the google identity.
I tested the federation and it works like a charm! I was able to create a another Google Gmail account and login into Teams. This time without passcodes. I couldn’t change the existing account to support it, but a quick & dirty demo way was to create a new one.
The article contains a good step by step way how to activate Google federation to your tenant, so I am not repeating the step in this one.
Just keep in mind that once the account is setup to use OTP authentication you may not be able to switch it to use federated Google authentication. At least not from UI. Perhaps someone knowing more about Azure AD identities can provide some information about how to do it.